Password Effectivity

“Ultimately, the effectiveness of the password as a security tool is dependent on the ability of the user to remember it and any failure to remember a password will increase the cost to the user of following the security policy” (Geoffrey B., D, Hilary, J, & Beate, G)

Implementing password security metrics are not hard for software developers or network administrators as long as they know how to control systems that they are using.

There are few easy but essential steps that would help their users to have secure passwords

1) Giving examples. Seeing some password examples or alternatives would make users choose better passwords. Rather than telling them that “they need to pick a more secure password” network administrators / developers may give examples or “secure passwords”. There are also little applications which creates random passwords, they could be offered to users.

2) Prevent using name / surname etc. Stopping users using their names, surnames or date of births as their passwords or in password combination is another helpful step for having securer passwords.

3) Forcing them to use secure passwords. Systems should have control mechanism which checks if the password is secure enough or not and deny if its not secure. This check could have “length checks”, “lower case – capital case checks”, “digit checks” or “symbol checks”. Encouraging users to use different characters in their passwords, with digits and symbols would be a good exercise.

4) Periodic Password changes. Forcing users to change their passwords periodically is another good exercise that network administrators should be doing. Most of the users may use their passwords on other platforms or sites. Therefore their passwords would be more vulnerable than others as they will be more open to being compromised. For instance University of Liverpool’s online system makes expire every user’s password every 90 days and doesn’t allow them to use same password in a row.

5) Letting users know about risks. We should let users know what could “losing password” or “getting someone access to their accounts” may cause. That may help and encourage them to pick stronger passwords if they know that what they / system may lose if anyone hacks into their accounts.

6) Using operating system. Most of the operating systems have password policies. For instance Microsoft has policy that network administrators may apply to their users’ accounts. It could force them to choose stronger passwords or change their passwords more often. It may stop them to login the system without changing password.